From 4bb9bd6fb2d864c5a80f2924979850cec5e24841 Mon Sep 17 00:00:00 2001 From: Yves Brissaud Date: Wed, 26 Jun 2024 10:58:31 +0200 Subject: [PATCH 1/2] add release notes for docker scout v1.10.0 Signed-off-by: Yves Brissaud Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/scout/release-notes/cli.md | 31 ++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/content/scout/release-notes/cli.md b/content/scout/release-notes/cli.md index 3cb6f303b1..b49c7ed0df 100644 --- a/content/scout/release-notes/cli.md +++ b/content/scout/release-notes/cli.md @@ -8,6 +8,37 @@ This page contains information about the new features, improvements, known issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/) and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action). +## 1.10.0 + +{{< release-date date="2024-06-26" >}} + +### Bug fixes and enhancements + +- Add new classifiers: + - `irssi` + - `Backdrop` + - `CrateDB CLI (Crash)` + - `monica` + - `Openliberty` + - `dumb-init` + - `friendica` + - `redmine` +- Fix whitespace-only originator on package breaking BuildKit exporters +- Fix parsing image references in SPDX statement for images with a digest +- Support `sbom://` prefix for image comparison: + + ```console {title="CLI"} + $ docker scout compare sbom://image1.json --to sbom://image2.json + ``` + + ```yaml {title="GitHub Action"} + uses: docker/scout-action@v1 + with: + command: compare + image: sbom://image1.json + to: sbom://image2.json + ``` + ## 1.9.3 {{< release-date date="2024-05-28" >}} From 075c436958d213089b7e1ae109bd3984ca084086 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 27 Jun 2024 10:38:32 +0200 Subject: [PATCH 2/2] vendor: github.com/docker/scout-cli v1.10.0 Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- .../docker/scout-cli/docs/docker_scout_compare.yaml | 1 + _vendor/github.com/docker/scout-cli/docs/scout_compare.md | 1 + _vendor/modules.txt | 4 ++-- go.mod | 4 ++-- go.sum | 2 ++ 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml index ca88ba8247..516cb36e99 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_compare.yaml @@ -34,6 +34,7 @@ long: |- - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file + - `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file usage: docker scout compare --to IMAGE|DIRECTORY|ARCHIVE [IMAGE|DIRECTORY|ARCHIVE] pname: docker scout plink: docker_scout.yaml diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md index b3530da571..b153bc1018 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_compare.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_compare.md @@ -68,6 +68,7 @@ or if you want to control from where the image will be resolved, you must prefix - `oci-dir://` use an OCI layout directory - `archive://` use a tarball archive, as created by `docker save` - `fs://` use a local directory or file +- `sbom://` SPDX file or in-toto attestation file with SPDX predicate or `syft` json SBOM file ## Examples diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 59247ac4d3..f0ed378cec 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v27.0.1+incompatible # github.com/moby/buildkit v0.14.1 # github.com/docker/buildx v0.15.1 -# github.com/docker/cli v27.0.1+incompatible +# github.com/docker/cli v27.0.1-rc.1+incompatible # github.com/docker/compose/v2 v2.28.1 -# github.com/docker/scout-cli v1.9.3 +# github.com/docker/scout-cli v1.10.0 diff --git a/go.mod b/go.mod index cf8d182f3b..f96c4f4afc 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/docker/buildx v0.15.1 // indirect github.com/docker/cli v27.0.1-rc.1+incompatible // indirect github.com/docker/compose/v2 v2.28.1 // indirect - github.com/docker/scout-cli v1.9.3 // indirect + github.com/docker/scout-cli v1.10.0 // indirect github.com/moby/buildkit v0.14.1 // indirect github.com/moby/moby v27.0.1+incompatible // indirect ) @@ -17,7 +17,7 @@ replace ( github.com/docker/buildx => github.com/docker/buildx v0.15.1 github.com/docker/cli => github.com/docker/cli v27.0.1+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.28.1 - github.com/docker/scout-cli => github.com/docker/scout-cli v1.9.3 + github.com/docker/scout-cli => github.com/docker/scout-cli v1.10.0 github.com/moby/buildkit => github.com/moby/buildkit v0.14.0-rc2.0.20240611065153-eed17a45c62b github.com/moby/moby => github.com/moby/moby v27.0.1+incompatible ) diff --git a/go.sum b/go.sum index 7270e81111..e4766ebcc1 100644 --- a/go.sum +++ b/go.sum @@ -190,6 +190,8 @@ github.com/docker/scout-cli v1.8.0 h1:rxwU9Xzt1LhqSY37ZVe/GPRCQxrEaQNipOMpCrUdGn github.com/docker/scout-cli v1.8.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/docker/scout-cli v1.9.3 h1:u3lKQ7A1EvT3qNe5lR2c8dTNcAGIoSmH8HvSYarLlJY= github.com/docker/scout-cli v1.9.3/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= +github.com/docker/scout-cli v1.10.0 h1:C8Gm+6Oc7NqhtZ/UoACv3N2LaP1jqkhlIDRhBOqMBng= +github.com/docker/scout-cli v1.10.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=